1. Field of the Invention
Embodiments of the present invention relate to software security. More particularly, embodiments of the present invention relate to systems and methods for detecting software security vulnerabilities.
2. Background Information
To produce software that is more resistant to remote attacks, software developers benefit from the advancement of tools and technology that allow analysis of software with the goal of detecting potential security vulnerabilities. Currently, both static and dynamic program analysis techniques exist, and in general use, each type has its own advantages and disadvantages.
Static analysis techniques are based on a paradigm that certain conclusions can be drawn about program behavior that are valid regardless of the input values. A tradeoff is that, in contrast to dynamic analysis, which can yield very specific conclusions, static analysis often only allows one to make more abstract claims about the program's behavior. For example, in the context of analysis of the class of security vulnerabilities known as buffer overflows, an analysis algorithm may report that some buffer is overflowable, but it cannot predict the exact chain of events that will lead to the overflow at runtime, nor can it predict the amount of the overflow or the actual contents of the buffer. The latter conclusions fall in the domain of dynamic analysis and can be useful to know, but the program must execute on the right input set to observe them. Because security breaches are often the result of malicious or unexpected inputs, it is typically most useful to be able to draw conclusions about a program that are valid regardless of the input. For this reason, static analysis is most appropriate when initially investigating whether some program under consideration contains security-related flaws. Dynamic analysis can then be applied to examine how the conclusions of static analysis may materialize in practice.
Buffer overflows are known to be among the most common types of remotely exploitable software security vulnerabilities. Techniques from the known art in the field of buffer overflow analysis typically yield inaccurate results, requiring extensive manual intervention to draw useful conclusions from the results. An embodiment of the present invention improves upon the known art of a particular framework for analyzing buffer overflow vulnerabilities. One or more improvements yielded by embodiments of the present invention provide greater accuracy of analysis results and require fewer manual resources. In view of the foregoing, it can be appreciated that a substantial need exists for systems and methods that can advantageously provide for detecting software security vulnerabilities.